Advisen FPN

Advisen Europe Front Page News - Wednesday, November 17, 2021

   
The world's most dangerous malware, Emotet, is back
Publication Date 11/16/2021
Source: dpa trends

Not long ago, there was a piece of malware spreading across the globe wreaking havoc on the computer systems of governments, major companies, hospitals and everyday users.

Emotet would infect your computer by arriving as an email that looked legitimate. Once on your computer, it could do any number of malicious things, such as finding out your online banking password or encrypting all your files and demanding money to get them back.

It would then often go on to read your address book and start sending out bogus emails that seem to come from you, spreading the infection to even more computers.

But in January of this year, authorities gave the all clear.

Europol, the EU's police service, announced that the infrastructure of the "world's most dangerous malware" - used mainly by organised crime groups - had been brought under control.

Investigators from eight countries were involved in the operation, which lasted more than two years. Indeed, no further Emotet incidents became known afterwards.

Then on Sunday evening, the systems of one team of security analysts registered a malware called TrickBot, which in turn loaded another malware.

This was confirmed to be Emotet.

Experts from other security companies also confirmed the analysis of IT security company G Data.

Almost a year after the major attack from the extremely dangerous malware was declared over, the security experts are now warning that Emotet is back.

"Smells like Emotet, looks like Emotet, behaves like Emotet - seems to be Emotet," is the conclusion of cybersecurity experts from G Data in a November 15 report called "Guess Who's Back?" The German company had been supporting authorities with technical analyses.

Security experts first became aware of Emotet in 2014 when it first infected systems around the world as a trojan.

"The Emotet infrastructure essentially acted as a primary door opener for computer systems on a global scale," Europol said, describing how it worked.

The malware is thought to have infected the IT systems of various companies, governments and institutions. In Germany alone, the malware was found on tens of thousands of private computers.

The malware typically used a Word document, often disguised as a harmless attachment to an email or even as a link, to break into a person's computer.

As soon as access was gained, it was sold to cybercriminals. These in turn were able to smuggle in their own trojans or ransomware in order to gain access to bank data, resell captured data or extort a ransom for blocked files.

The malware was hidden in fake invoices, delivery notices or would-be information about Covid-19, but when the user clicked on the link or opened the attachment, the malware installed itself and spread rapidly.

Ruediger Trost, an expert at the cybersecurity company F-Secure, said the challenges for companies don't structurally change with this latest emergence of Emotet. "But the level of cybersecurity risk for companies increases when this malware family reappears in greater numbers."

What should you do if you think Emotet or a similar malware is installed on your computer? Experts say you should immediately change all the passwords stored on the infected computer, such as those saved within browsers. You should then reinstall the operating system to wipe out all traces of the malware.

(c) 2021 dpa